-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 21 December 2000 and 09 March 2001. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 
4) [X] Claim(s) 11-34 is/are pending in the application. 
5) [ ] Claim(s) is/are allowed. 

Application Papers 

DETAILED ACTION 



This office action is responsive to communication filed on 12/21/2000 and the 
supplemental preliminary amendment filed on 03/09/2001. 



Specification 

Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc. 

Therefore, "The present invention" (page 8, line 1) is redundant. It is suggested 
to start the abstract with -- A method, device, and software module for controlling --. 
Also, the numbers and parentheses need to be deleted in the abstract. 

Claim Objections 

Claims 27 and 28 are objected to because of the following informalities: It is 
suggested to delete "a first-level" (claim 27, line 2) and "a second-level" (claim 28, line 
2) and insert -- the first level -- and -- the second-level --. Appropriate correction is 
required. 





Application/Control Number: 09/740,800 
Art Unit: 2157 






Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 11 - 34 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Brown et al. (US 5,941,947; hereinafter Brown). 

Regarding claims 11 and 29, Brown teaches a method for controlling access to a 
requestor to resources in a distributed computer system (fig. 1) comprising defining 
conditions for obtaining a right to a resource, assigning to the requestor at least one role 
based on an access control list, defining a part of a set of resources that is accessible 
by a given role by a validity domain, and utilizing the validity domain of the given role to 
restrict the resources accessible for the given role to only part of the resources (col. 1, 
lines 27 - 56; col. 2, lines 46 - 57; paragraph bridging col. 15, line 38 through col. 16, 
line 67; see abstract). Claim 29 adds the limitation of a software module for controlling 
access by a requestor to resources (col. 6, lines 18 - 31; col. 31, lines 30 - 42). 

Regarding claims 12 - 13 and 30 - 31, Brown teaches a method for controlling 
access to a requestor to resources in a distributed computer system (fig. 2A), which 
further stores an additional piece of information relative to the need to consult the 
validity domain of the role in the access control list; further comprising consulting the 
additional information relative to the need to consult the validity domain of the role and 
verifying that the resource in question belongs to the validity only if required by said 
information (col. 4, lines 15 - 65). 

Regarding claims 14 - 16 and 32 - 34, Brown teaches a method for controlling 
access to a requestor to resources in a distributed computer system (fig. 2A), which 
further comprises the steps of performing an access check on two levels: a first level 
check on the type of the resource; and a second level check on the identifier; wherein 
the first-level check verifies the existence of at least one entry of the access control list 
that satisfies conditions for obtaining a requested right of entry, and, if the right of entry 
exists, the existence of a validity domain for said entry; wherein the second-level check 
verifies, if a requested permission for right of entry contains a resource identifier, the 
existence of at least one configured permission corresponding to the requested 
permission and the value of the additional information relative to the need to consult the 
validity (fig. 3B; col. 4, lines 40 - 65; col. 11, lines 3 - 31; col. 19, lines 52 - 67). 

Regarding claims 17 - 21, Brown teaches a method for controlling access to a 
requestor to resources in a distributed computer system (fig. 2A), which further 
comprises the steps of grouping rights or resources into generic groups represented by 
special characters or keywords or other symbols (figs. 5A - 5B; col. 16, lines 55 - 67; 
col. 20, lines 53 - 63). 

Regarding claim 22, Brown teaches a device for controlling access by a 
requestor to interrogated resources in a distributed computer system (fig. 8), comprising 
at least one management machine organized into one or more networks, said machine 
having at least one calling entity, for designating actions executed by the requestor (fig. 
1; paragraph bridging col. 6, line 66 through col. 7, line 37), an application program 
interface for transmitting interrogations from the calling entity, an access control service 
for receiving said interrogations and controlling access of the requestors to the 
interrogated resources, storage means for storing roles, access control lists and validity 
domains and means for accessing the storage means (col. 3, lines 26 - 44; col. 7, lines 
48 - 60). 

Regarding claim 23, Brown teaches a device for controlling access by a 
requestor to interrogated resources in a distributed computer system (fig. 8), which 
further comprises means for defining conditions for obtaining a right to a resource, 
means for assigning to the requestor at least one role based on an access control list, 
and means for restricting the resources accessible for a given role to only part of the 
resources by means of a validity domain of the role (col. 1, lines 27 - 56; col. 2, lines 46 
- 57; paragraph bridging col. 15, line 38 through col. 16, line 67; see abstract). 

Regarding claims 24 and 25, Brown teaches a device for controlling access by a 
requestor to interrogated resources in a distributed computer system (fig. 8), wherein 
the means for storing stores an additional piece of information relative to the need to 
consult the validity domain of the role in the access control list (col. 4, lines 15 - 65). 

Regarding claims 26 - 28, Brown teaches a device for controlling access by a 
requestor to interrogated resources in a distributed computer system (fig. 8), further 
comprising means for performing an access check on two levels: a first-level check on 
the type of the resource; and a second-level check on the identifier of the resource (2d); 
wherein a first-level check verifies the existence of at least one entry of the access 
control list that satisfies conditions for obtaining a requested right of entry to a resource, 
and, if the entry exists, the existence of a validity domain for said entry; and wherein a 
second level check verifies, if a requested right of entry to a resource contains a 
resource identifier, the existence of at least one configured permission corresponding to 
the requested right of entry and the value of additional information relative to the need 
to consult the validity domain (fig. 3B; col. 4, lines 40 - 65; col. 11, lines 3 - 31; col. 19, 
lines 52 - 67). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Deinhart et al. (US Patent Number 5,911,143) discloses a method and system for 
advanced role-based access control in distributed and centralized computer systems. 

Contact Information 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Yves Dalencourt whose telephone number is (703) 308-8547. 
The examiner can normally be reached on M-TH 7:30AM - 6:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (703) 308-7562. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Yves Dalencourt 



June 21, 2004 